Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@khanacademy/graphql-flow
Advanced tools
This is a tool for generating flow types from graphql queries in javascript frontends.
This is a tool for generating flow types from graphql queries in javascript frontends.
Write a config file, following the schema defined in src/cli/schema.json, either as a .json
file, or a .js
file that module.exports
an object adhering to the schema.
Then run from the CLI, like so:
$ graphql-flow path/to/config.json
Files will be discovered relative to the crawl.root
.
To customize type generation for certain directories or files, you can provide multiple
generate
configs as an array, using match
and exclude
to customize behavior.
For a given file containing operations, the first generate
config that matches that path
(and doesn't exclude it) will be used to generate types for those operations. If a generate
config doesn't have a match
attribute, it will match all files (but might exclude some via the
exclude
attribute).
For example:
// dev/graphql-flow/config.js
const options = {
schemaFilePath: "../../gengraphql/composed-schema.graphql",
regenerateCommand: "make gqlflow",
generatedDirectory: "__graphql-types__",
exclude: [
/_test.js$/,
/.fixture.js$/,
/\b__flowtests__\b/,
],
};
module.exports = {
crawl: {
root: "../../",
},
generate: [
{
...options,
schemaFilePath: "../../gengraphql/course-editor-schema.graphql",
match: [/\bcourse-editor-package\b/, /\bcourse-editor\b/],
},
{
...options,
match: [/\bdiscussion-package\b/]
experimentalEnums: true,
},
options,
],
};
Here's how to get your backend's schema in the way that this tool expects, using the builtin 'graphql introspection query':
import {getIntrospectionQuery} from 'graphql';
import fs from 'fs';
import fetch from 'node-fetch';
const query = getIntrospectionQuery({descriptions: true}),
const response = await fetch(`https://my-backend.com`, {
method: 'POST',
body: query,
headers: {
// You definitely shouldn't be allowing arbitrary queries without
// some strict access control.
'X-header-that-allows-arbitrary-queries': 'my-secret-key',
},
contentType: 'application/json',
});
const fullResponse = await response.json();
fs.writeFileSync('./server-introspection-response.json', JSON.stringify(fullResponse.data, null, 2));
FAQs
This is a tool for generating flow types from graphql queries in javascript frontends.
The npm package @khanacademy/graphql-flow receives a total of 241 weekly downloads. As such, @khanacademy/graphql-flow popularity was classified as not popular.
We found that @khanacademy/graphql-flow demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.